Creating a .csv configuration file
If you already have a .csv configuration file from your YubiKey provider, you can skip this section. You can create a .csv configuration file that contains the YubiKey token key material if you do not have one from your YubiKey provider. Yubico OTP is the only supported Yubico format.
About this task
To prepare the Yubico OTP token, complete the following steps:
- Download and install the YubiKey Personalization Tool from the Yubico website https://www.yubico.com/.
- Insert the Yubikey token in a USB slot on a Windows system.
- Run the YubiKey Personalization Tool.
- Select the Settings tab.
- In the Log configuration output control, select Yubico format. This is the only supported format.
- Select the Yubico OTP tab.
- Click Quick.
Select Configuration Slot 2.
Note: You can use either slot 1 or 2 with IBM® MFA. However, slot 2 is recommended because it requires a long press, making it less likely that the Yubikey is accidentally triggered.
Click Write Configuration.
The configuration information is stored in a format similar to the following example:
where the first field is the serial number of the Yubikey token and the key material follows.
Save the configuration file (.csv file) to a secure location of your
choice that is accessible to the IBM MFA server system.
Important: The configuration .csv file contains important key material. Save the file only in a secure location. A malicious actor could attempt to use the key material to gain system access.